rpm package
opensuse/slurm&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-27746 | — | < 18.08.9-lp151.2.14.1 | 18.08.9-lp151.2.14.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | ||
| CVE-2020-27745 | — | < 18.08.9-lp151.2.14.1 | 18.08.9-lp151.2.14.1 | Nov 27, 2020 | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | ||
| CVE-2020-12693 | — | < 18.08.9-lp151.2.10.1 | 18.08.9-lp151.2.10.1 | May 21, 2020 | Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. | ||
| CVE-2019-19727 | — | < 18.08.9-lp151.2.6.1 | 18.08.9-lp151.2.6.1 | Jan 13, 2020 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions. | ||
| CVE-2019-19728 | — | < 18.08.9-lp151.2.6.1 | 18.08.9-lp151.2.6.1 | Jan 13, 2020 | SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges. | ||
| CVE-2019-12838 | — | < 18.08.8-lp151.2.3.1 | 18.08.8-lp151.2.3.1 | Jul 11, 2019 | SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection. |
- CVE-2020-27746Nov 27, 2020affected < 18.08.9-lp151.2.14.1fixed 18.08.9-lp151.2.14.1
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
- CVE-2020-27745Nov 27, 2020affected < 18.08.9-lp151.2.14.1fixed 18.08.9-lp151.2.14.1
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
- CVE-2020-12693May 21, 2020affected < 18.08.9-lp151.2.10.1fixed 18.08.9-lp151.2.10.1
Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
- CVE-2019-19727Jan 13, 2020affected < 18.08.9-lp151.2.6.1fixed 18.08.9-lp151.2.6.1
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.
- CVE-2019-19728Jan 13, 2020affected < 18.08.9-lp151.2.6.1fixed 18.08.9-lp151.2.6.1
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
- CVE-2019-12838Jul 11, 2019affected < 18.08.8-lp151.2.3.1fixed 18.08.8-lp151.2.3.1
SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.